Virtualbox overrides umask, making it unusable for shared setup

Description

I want to setup Virtualbox to use a common directory to be used by any user who sits at the console (using VBOX_USER_HOME and the machinefolder property). Problem: The VirtualBox tools (GUI or command line) ignore umask and use 0600 instead. The next user runs into "permission denied" problems.

This makes it impossible for us to deploy VirtualBox as a replacement for VMware.

Change History

It is true that VirtualBox does not respect umask for writing the configuration files. But on the other hand I don't get the point of the original reporter. VirtualBox configuration files are always per-user and there is no point to use the same files simultaneously by several users. If you try so then there will be races when configuration files are written.

If this should be a setup like 'create a common configuration once and then use it by another user', why not just copy the configuration directory?

Who said "simultaneously"? Why do you think that the config files are "per-user", when VB supports a VBOX_USER_HOME environment variable? Of course concurrent write access to these files and directories has to be blocked, but thats the case for a "single user approach" as well. ???

I had hoped for 4.3, but its just a disappointment wrt the umask issue. :-(

Any kind of sharing is not in our list of valid use cases. Who told you that the reason for having VBOX_USER_HOME is to share VMs? It's intended for separating several setups for ONE user (or to have a non-default place for the user's .VirtualBox directory).

The purpose of VBOX_USER_HOME is to relocate the configuration directory. Maybe I am too blind to see, but the documentation doesn't restrict this in any way to a single user account. Maybe this "single-user-only" approach goes without saying on Windows, but on Unix this is a bug (IMHO).

Please note that this umask issue is still the major concern of my colleagues against using Virtualbox. They prefer Vmware Workstation/Player, because Vmware guests are a lot easier to deploy. Using Vmware the admins can manage the virtual hosts (without breaking into foreign user accounts, making sure the configuration is correct), and the users "just use it". Is it too much to ask for to get the same for Virtualbox? Please remember that we are talking about the access bits to just a few config and image files.

VirtualBox has been designed with security in mind, and the insecurity of VM sharing through "umask 000" trickery is the reason why we don't consider adding this use case. It's something which is suspiciously close to the limits of the Oracle product security policy. We'd have to make this an option (because by default the setup has to be secure), and that means to support a tiny user base which deliberately wants this we have to implement a lot of special code. Sorry to day that, but such special features can't have a high priority, which means it'll take quite a while to get it done. How about someone contributing this? You said it's easy, just a few config and image file creation calls have to be fixed.

As an immediately available alternative: How about putting the VMs to be shared in a shared account, e.g. one named "vboxvms", which is accessible by the people who need this setup? That would actually be rather similar security wise, and is quite easy to set up for anyone with such special requirements.